Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
1) For Mint repository version naming (or any similar) what does
"Version: 52.0+linuxmint1+serena" actually mean?
What is the '1' after linuxmint? Does it mean it's v52.0, 52.0.1 or...?
2) Since repository versions are often behind the latest stable dev versions, exactly how are the newest security updates incorporated into older versions (in a repository).
Or are ALL apps as up to date - security fix-wise, as latest dev releases, necessarily? I've read devs complaining that distro XYZ has an old, vulnerable version on the Repo; won't take it off but won't put up the new one, or other scenarios.
3) For huge projects like browsers, office suite & 1000's of apps, how can small distros take all security & kernel code changes & back port them to a previous version? And have the man power to thoroughly test that all new changes work 99.99% - in the older versions?
Or is testing by distros in this aspect not a reality?
I'm sure I don't fully understand, but the staffs of Mint, Fedora, CentOS, etc., are minuscule compared to Mozilla, Google, LOO, etc.
The smaller distros rely on bigger ones upstream; eg Centos is basically a free rebuild of RHEL
RHEL (for example) go for stability by sticking to the same major version of an app/service during a given major OS version, BUT they definitely do backport bugfixes and Security fixes - hence the long/complex version nums eg
Code:
Linux 2.6.32-642.1.1.el6.centos.plus.x86_64
Major kernel version (STABLE) 2.6, subver 32, patch 642 sub 1, sub 1 ... for 64 bit processor.
If you really want to read into this, see the RedHat website; its all there in the docs; both the numbering convention and release notes for each version/sub/patch/... etc
I appreciate the info on Linux OS version numbering.
But I asked about meaning of version numbering for 3rd party apps (firefox, etc.) shown in distros' repositories - specifically Mint.
e.g., the specific example I gave.
The version numbering of ubuntu / mint repository, non-OS apps don't have the same info as your Linux example.
I'm trying to understand Mint's repository version numbering for apps, & see how they align w/ devs' version numbers (or if there's any consistent comparison at all).
I also asked about how (any) distro has time for back porting fixes, plus do any testing - * on 1000's of apps * in repositories. Not about a distro's version of Linux OS.
*Any* distro's staff is tiny compared to Mozilla, Google, etc.
in that particular case, It looks to me like its firefox 52.0 plus particular stuff for linux mint. Distros customize certain parts of upstream apps on occasion.
in the mx linux case for firefox, the deb is:
firefox_52.0.2~mozillabinaries-1mx15+1_amd64.deb
with the version
52.0.2~mozillabinaries-1mx15+1
In this case firefox 52.0.2 with mx customizations included.
1) For Mint repository version naming (or any similar) what does
"Version: 52.0+linuxmint1+serena" actually mean?
What is the '1' after linuxmint? Does it mean it's v52.0, 52.0.1 or...?
The upstream version is 52.0, this being Linux Mint's first packaging of that version of the package for the Serena version of Mint. It isn't v. 52.0.1, as illustrated by my current version 52.0.1+linuxmint1+serena.
Also in my repos is 52.0.1+build2-0ubuntu0.16.04.1, which is again the upstream version of 52.0.1 (Upstream build 2; not a Debian package as defined by the -0), but is the first package of this produced by Ubuntu for 16.04.
Thanks. That's interesting - (by your example) MX linux has 52.0.2. (Same as Mozilla's latest stable_x64). Mint's main repo only has 52.0 - still, as of 3/30/2017.
That's part of the reason I installed the Mozilla release manually. Mint's v52.0 may have latest bug fixes back ported (don't know to what extent - only critical, high??), but AFAIK don't have latest features or UI, hardware related fixes?
That's the part I don't like about taking what's available in the repo. A bug in earlier version may not be a security risk or crash 50% of users, but it may make some users miserable. The disto version may contain / not contain things in the dev release. Sometimes, changing it back is a PIA.
So far I've found it's a good bit of work to update packages installed manually, say, to /opt.
Some users install Fx or other apps to /home - to get around permission issues & allow easier updating. Doesn't that decrease security - installing to directories w/ full permissions for everyone?
Thanks. That's interesting - (by your example) MX linux has 52.0.2. (Same as Mozilla's latest stable_x64). Mint's main repo only has 52.0 - still, as of 3/30/2017.
That's part of the reason I installed the Mozilla release manually. Mint's v52.0 may have latest bug fixes back ported (don't know to what extent - only critical, high??), but AFAIK don't have latest features or UI, hardware related fixes?
That's the part I don't like about taking what's available in the repo. A bug in earlier version may not be a security risk or crash 50% of users, but it may make some users miserable. The disto version may contain / not contain things in the dev release. Sometimes, changing it back is a PIA.
So far I've found it's a good bit of work to update packages installed manually, say, to /opt.
Some users install Fx or other apps to /home - to get around permission issues & allow easier updating. Doesn't that decrease security - installing to directories w/ full permissions for everyone?
I don't know which mirrors you are using, but Firefox 52.0.1 came down the pipe to me from the Linux Mint repos on 23/3/17. It was released on 17/3/17. I can cope with that sort of delay. 52.0.2 was released on 28/3/17. To be honest with you, I wouldn't imagine that bug fixes are backported by Mint for Firefox.
I can see where you're coming from though. For most of my software I stick to the repos because it works well for me. However for certain packages I install directly from upstream or PPAs so that I can be more up-to-date.
My post was just an example (that happened to use the the kernel). The same principles apply to all SW.
Your best bet is to stick to the official repos for your distro. As above, either they (or the upstream as applicable) will have done all reasonable testing to ensure stable secure SW.
However, no-one is perfect, hence the continual updates that appear and the long version numbering...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.